Networks

Question

Cisco PIX 515 DHCP problem

I have acquired a PIX 515 (foc) and want to use it to hang a DR ftp server off and replace the PIX 501 I have at present.

It sits behind an ADSL router that is set up in half-bridge mode, the outside interface configured for DHCP. The 501 works perfectly like this.

All going ok apart from the 515 is not picking up the IP address from the router. If I connect my laptop to the router it gets the IP fine and I can browse the web. I have the outside interface configured as:

ip address outside dhcp setroute retry 4

but nothing is happening and it fails. No idea why.

I was getting "Deny udp reverse path check" errors but was given a suggestion to add:

no ip verify reverse-path interface OUTSIDE

which has stopped that error, but now there's nothing in any of the logs. I'm no expert on Cisco kit, but I need this going asap really.

Being in the UK and on a BT line, we're limited to PPPoA. I have read that the PIX only supports PPPoE and our ISP doesn't use it. Will this affect the PIX getting an IP? Can anyone give me any suggestions (ditch the PIX is not an option, BTW).

More...

There are no access lists set. I've done some testing today though. If I connect my laptop to the router I get the initial ip from that, then once it connects to the ISP it then passes the external IP through to the laptop and I can browse the web.

If I connect the PIX outside interface directly to my LAN, it picks up an IP address immediately from my DC. No messing about.

So WHY won't it pick up an IP from the router? I have failover disabled yet it seems to use that IP address to get a network connection then try DHCP. I've had this error on startup:

dhcp client start discover: wait until failover switch to active
Warning: System IP and failover are not in the same subnet.
It will cause route command fail when bootup !!

So how does that work? Failover is disabled, isn't it? The system IP is 127.0.0.1 so what am I supposed to do now? There's nowhere to change the subnet mask either. So I'm somewhat confused here. If I set the failover to the same range as the router it doesn't work. If I use one of my 6 static IPs from my ISP it doesn't work. If I use 0.0.0.0 it doesn't work. Anyone with any ideas????

I think we're getting somewhere...

Ah-ha! However, as a test I have changed my router lease time to 5 days so I think this is coming from my ISP, as the router is in 1/2-bridge. I've passed the full debug trace to their tech support but I don't know what they can do about it.

I'm on my hols for 2 weeks from tonight, back in on 1st Sept (bank holiday the Monday we get back!) so if nothing happens I will be picking this back up then. Many thanks for your responses, guys.
